
LDAP Key retrieval behavior

Created: 08 Oct 2012 • Updated: 14 Oct 2012 | 1 comment
NextChris's picture
This issue has been solved. See solution.

I have a question regarding the behavior of the keysearch on LDAP Directories such as trustcenter:

The US seems to skip the search on specific keyservers if it wasn't successful the last time:

Log entry: "key search []: error getting recipient encryption key: Skipping keyserver because it was down the last time it was checked"

 - In the specific case I could reach trustcenter over LDAP from my client at the same time, and after having restarted the PGP US services the keysearch was successful again.

So does anybody have an idea of how to have the US search the external keyserver every time, or how to reduce the time interval for which the keyserver is skipped?



Comments

mwoj's picture

Hi Chris,

US is skipping the search if a previous key search attempt was unsuccessful, meaning the keyserver could not be reached. There are two timeouts to mark a keyserver as down:

Timeout for receiving an answer from the external keyserver: 15 sec
Connection timeout for keyserver connect: 5 sec

These timeouts are hardcoded.

If one of these timeouts has been reached, then that entry will be marked as down.

Maybe there is a network connection issue between the servers so that the search times out, or specific LDAP ports are not open.
Another reason could be that the external keyserver does not respond fast enough.

However, you can force a keyserver not to be marked as down if you put the entry in a whitelist in /etc/ovid/prefs.xml in the proxy section:

PS: I need to use pastebin, otherwise the code above would be interpreted by Symantec CMS as HTML text.
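
To check whether an external LDAP keyserver answers inside the two limits quoted in the reply above (5 sec connect, 15 sec answer), a timing probe can be run from the server's network segment. This is an added example, not part of the original thread and not the product's own check; the function name, the verdict strings and the use of port 389 with an anonymous bind are assumptions.

```python
import socket
import time

# Limits quoted in the reply above (hardcoded in the product, per that reply).
CONNECT_TIMEOUT = 5.0    # seconds allowed to establish the connection
RESPONSE_TIMEOUT = 15.0  # seconds allowed to receive an answer

# LDAPv3 anonymous simple bind request, BER-encoded (messageID 1).
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def probe_keyserver(host, port=389, connect_timeout=CONNECT_TIMEOUT,
                    response_timeout=RESPONSE_TIMEOUT):
    """Return (verdict, connect_seconds, response_seconds) for one probe."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:  # timeout, refused, unreachable, DNS failure
        return ("connect-failed", time.monotonic() - start, None)
    connect_s = time.monotonic() - start
    with sock:
        sock.settimeout(response_timeout)
        sent = time.monotonic()
        try:
            sock.sendall(ANON_BIND)
            reply = sock.recv(4096)
        except OSError:  # no answer within response_timeout, or reset
            return ("response-timeout", connect_s, time.monotonic() - sent)
        response_s = time.monotonic() - sent
    # 0x30 opens an LDAPMessage; 0x61 is the BindResponse tag.
    if reply[:1] == b"\x30" and b"\x61" in reply[:8]:
        return ("ok", connect_s, response_s)
    return ("unexpected-reply", connect_s, response_s)


if __name__ == "__main__":
    # "keyserver.example" is a placeholder host name.
    print(probe_keyserver("keyserver.example"))
```

A verdict of `connect-failed` or `response-timeout`, or timings close to the limits, matches the conditions the reply describes for a keyserver being marked as down.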